exploitDog

SUSE-SU-2019:14005-1

Опубликовано: 01 апр. 2019

Источник: suse-cvrf

Описание

Security update for ed

This update for ed fixes the following security issues:

CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. (bsc#1019807)

Список пакетов

SUSE Linux Enterprise Server 11 SP4

ed-0.2-1001.30.3.4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

ed-0.2-1001.30.3.4

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-201914005-1/
Link for SUSE-SU-2019:14005-1
https://lists.suse.com/pipermail/sle-security-updates/2019-April/005279.html
E-Mail link for SUSE-SU-2019:14005-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1019807
SUSE Bug 1019807
https://www.suse.com/security/cve/CVE-2017-5357/
SUSE CVE CVE-2017-5357 page

Описание

regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:ed-0.2-1001.30.3.4

SUSE Linux Enterprise Server for SAP Applications 11 SP4:ed-0.2-1001.30.3.4

Ссылки

https://www.suse.com/security/cve/CVE-2017-5357.html
CVE-2017-5357
https://bugzilla.suse.com/1019807
SUSE Bug 1019807
https://bugzilla.suse.com/1148899
SUSE Bug 1148899
https://bugzilla.suse.com/1196769
SUSE Bug 1196769